[BC] Added form key validation to Contacts form (#3146)

fballiano · elidrissidev · web-flow · commit eaa1b47c53ca · 2023-04-10T22:36:49.000+01:00
Co-authored-by: Mohamed ELIDRISSI &lt;67818913+elidrissidev@users.noreply.github.com&gt;
diff --git a/app/code/core/Mage/Contacts/controllers/IndexController.php b/app/code/core/Mage/Contacts/controllers/IndexController.php
@@ -59,25 +59,24 @@ public function postAction()
             /** @var Mage_Core_Model_Translate $translate */
             $translate->setTranslateInline(false);
             try {
+                if (!$this->_validateFormKey()) {
+                    Mage::throwException($this->__('Invalid Form Key. Please submit your request again.'));
+                }
+
                 $postObject = new Varien_Object();
                 $postObject->setData($post);
 
                 $error = false;
-
                 if (!Zend_Validate::is(trim($post['name']), 'NotEmpty')) {
                     $error = true;
-                }
-
-                if (!Zend_Validate::is(trim($post['comment']), 'NotEmpty')) {
+                } elseif (!Zend_Validate::is(trim($post['comment']), 'NotEmpty')) {
                     $error = true;
-                }
-
-                if (!Zend_Validate::is(trim($post['email']), 'EmailAddress')) {
+                } elseif (!Zend_Validate::is(trim($post['email']), 'EmailAddress')) {
                     $error = true;
                 }
 
                 if ($error) {
-                    throw new Exception();
+                    Mage::throwException($this->__('Unable to submit your request. Please try again later'));
                 }
                 $mailTemplate = Mage::getModel('core/email_template');
                 /** @var Mage_Core_Model_Email_Template $mailTemplate */
@@ -92,19 +91,22 @@ public function postAction()
                     );
 
                 if (!$mailTemplate->getSentSuccess()) {
-                    throw new Exception();
+                    Mage::throwException($this->__('Unable to submit your request. Please try again later'));
                 }
 
                 $translate->setTranslateInline(true);
 
-                Mage::getSingleton('customer/session')->addSuccess(Mage::helper('contacts')->__('Your inquiry was submitted and will be responded to as soon as possible. Thank you for contacting us.'));
+                Mage::getSingleton('customer/session')->addSuccess($this->__('Your inquiry was submitted and will be responded to as soon as possible. Thank you for contacting us.'));
                 $this->_redirect('*/*/');
 
                 return;
-            } catch (Exception $e) {
+            } catch (Mage_Core_Exception $e) {
                 $translate->setTranslateInline(true);
-
-                Mage::getSingleton('customer/session')->addError(Mage::helper('contacts')->__('Unable to submit your request. Please, try again later'));
+                Mage::logException($e);
+                Mage::getSingleton('customer/session')->addError($e->getMessage());
+            } catch (Throwable $e) {
+                Mage::logException($e);
+                Mage::getSingleton('customer/session')->addError($this->__('Unable to submit your request. Please try again later'));
                 $this->_redirect('*/*/');
                 return;
             }
diff --git a/app/design/frontend/base/default/template/contacts/form.phtml b/app/design/frontend/base/default/template/contacts/form.phtml
@@ -18,6 +18,7 @@
     <h1><?php echo Mage::helper('contacts')->__('Contact Us') ?></h1>
 </div>
 <form action="<?php echo $this->getFormAction(); ?>" id="contactForm" method="post">
+    <?php echo $this->getBlockHtml('formkey') ?>
     <div class="fieldset">
         <h2 class="legend"><?php echo Mage::helper('contacts')->__('Contact Information') ?></h2>
         <ul class="form-list">
diff --git a/app/design/frontend/rwd/default/template/contacts/form.phtml b/app/design/frontend/rwd/default/template/contacts/form.phtml
@@ -18,6 +18,7 @@
     <h1><?php echo Mage::helper('contacts')->__('Contact Us') ?></h1>
 </div>
 <form action="<?php echo $this->getFormAction(); ?>" id="contactForm" method="post" class="scaffold-form">
+    <?php echo $this->getBlockHtml('formkey') ?>
     <div class="fieldset">
         <h2 class="legend"><?php echo Mage::helper('contacts')->__('Contact Information') ?></h2>
         <p class="required"><?php echo Mage::helper('contacts')->__('* Required Fields') ?></p>
diff --git a/app/locale/en_US/Mage_Contacts.csv b/app/locale/en_US/Mage_Contacts.csv
@@ -10,9 +10,10 @@
 "Email Sender","Email Sender"
 "Email Template","Email Template"
 "Enable Contact Us","Enable Contact Us"
+"Invalid Form Key. Please submit your request again.","Invalid Form Key. Please submit your request again."
 "Name","Name"
 "Send Emails To","Send Emails To"
 "Submit","Submit"
 "Telephone","Telephone"
-"Unable to submit your request. Please, try again later","Unable to submit your request. Please, try again later"
+"Unable to submit your request. Please try again later","Unable to submit your request. Please try again later."
 "Your inquiry was submitted and will be responded to as soon as possible. Thank you for contacting us.","Your inquiry was submitted and will be responded to as soon as possible. Thank you for contacting us."
